🟠 High | Source: The Hacker News
Two members of the Scattered Spider cybercriminal group, Owen Flowers (18) and Thalha Jubair (20), have each been sentenced to five and a half years in prison for the 2024 hack of Transport for London. The attack took 148 TfL systems offline and forced all 27,000 staff to reset passwords in person, costing the organisation an estimated £29 million. The convictions represent a notable enforcement success against a group known for sophisticated social engineering and identity-based attacks.
Security Architect’s Take: Review your organisation’s resilience against social engineering and identity-based intrusions: enforce phishing-resistant MFA (e.g. FIDO2/passkeys), implement strict helpdesk identity verification procedures, and ensure your incident response plan accounts for large-scale credential resets without requiring physical presence.
Original advisory: Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack